Original patch by Ant. from HoneyPot.net This a patch to gentoo (stable) bash-2.05b to enable additional logging via syslog.
Created attachment 57941 [details, diff] bash-2.05b patch
http://www.nardware.co.uk/Security/html/bashlogger.htm Is the ORGIGINAL patch. I added the #ifdef USE_SYSLOG sectoins in order to use USE flags
(note i havent looked at the patch) see if it works nicely with bash-3.0-r11 and if it does, re-open if it doesnt, please find a newer version :)
Created attachment 57967 [details, diff] Bash-3.0 syslog patch for bash-3.0
Updated to work with 3.0
ok, normally i would prefer the autotool version you provided here, but since nothing else touches configure.in, i'd prefer if the patch just always enabled syslog support so ive stripped down the patch and added it to 3.0-r11 behind USE=bashlogger with a big old warning if we have patches in the future which touch configure.in/etc..., i'll be sure to grab your patch :)
Just a note for those not techy enough to read the source code, this patch puts all logs to local5.info
Sorry, yes, it logs to local5 syslog facility
I noticed that this patch does not log non-interactive bash shells, which means that any half-brained person can get around the logging wihtout any issues.
Created attachment 91498 [details, diff] Corrected patch for bash-3.1 There was a bug in the old patch for 3.1, which caused to seg fault the bash if the command length (including the \n) exceeds 599 chars. This patch is corrected and working for me, think a confirmation is not necessary. Changed: + syslog(LOG_LOCAL5, LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)", to: + syslog(LOG_LOCAL5 | LOG_INFO, "HISTORY: PID=%d UID=%d %s(++TRUNC)",
*** Bug 139043 has been marked as a duplicate of this bug. ***
Comment on attachment 91498 [details, diff] Corrected patch for bash-3.1 different bug, no point in tracking it here, keep it in Bug 139043
